SSL/TLS Session-Aware User Authentication - Or How to Effectively Thwart the Man-in-the-Middle

Provided by: ETH Zurich
Topic: Security
Format: PDF
Man-in-the-middle attacks pose a serious threat to SSL/TLS-based electronic commerce applications, such as Internet banking. In this paper, the authors argue that most deployed user authentication mechanisms fail to provide protection against this type of attack, even when they run on top of SSL/TLS. As a possible countermeasure, they introduce the notion of SSL/TLS session-aware user authentication and present different possibilities for implementing it. More specifically, they start with a basic implementation that employs impersonal authentication tokens.